Root Cause of anonymous (spam) emails-"vulnerabilities" that are inevitable on almost all servers on the network"

Article Title: Root Cause of anonymous (spam)-vulnerabilities that are unavoidable on almost all servers on the Internet ". Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
When you see the title of this article, many people may know this "Vulnerability". Some people know this "Vulnerability" during reading the article ", some people may be surprised, because the title seems to be too serious, but no matter what level or psychology the person reading this article is, my goal is to give a more detailed introduction to this defect on the network, because I believe that the network will be improved slowly only when you see such a "Vulnerability, to make progress.
Sending anonymous emails is already an old topic on the Internet. Many email server administrators have taken many measures to prevent anonymous emails from being sent, such as IP address roaming records, SMTP authentication and so on, and achieved quite good results, but recently through my tracking of the mail sending process, although the above method can prevent some people from sending anonymous emails, but in fact, anonymous emails can still be sent smoothly. This vulnerability should be a common problem of 100% of email servers so far, and is an unavoidable "Vulnerability ", this is mainly because of the imperfect SMTP service. In fact, many tools for sending spam are working in the principle I introduced in this article. At present, domestic email servers should all have such vulnerabilities. Large websites such as Netease, Sina, and Sohu cannot escape. If the administrators of these websites see this article, if you are interested, you can test it with me.
First, let me briefly talk about the principle of Email Delivery, assuming that the DOMAIN of your mail server is cdefg.com, to send a test@cdefg.com email, the normal transmission of email requires the dns mx record to find the IP address of the corresponding server, and then start sending the email. Similarly, the cdefg.com email server will find the mail record of abcd.com, then, send the email to the IP address corresponding to abcd.com. Suppose xxx is found. xxx. xxx. xxx, and xxx. xxx. xxx. xxx has an smtp service, and the server will connect to xxx. xxx. xxx. port 25 of xxx (the port listened by the SMTP service), and send the email.
Speaking of this, there may be a lot of people waiting for it, right? Now, let me start to introduce "vulnerabilities". Any server on the Internet will accept anonymous emails and spam mails unconditionally, and any email may be forged, maybe some people are shocked to think that they can forge all of them? How did they do it? Some people may also say that this is not a vulnerability, but a mail transmission mechanism. But this can indeed pose a great threat to the Internet. For example, it is too simple to forge an email on the Internet. It is not like a real letter, but can read handwriting. In the network, all pens are keyboards, and the only thing that can be identified is digital authentication. However, in China, which is not economically developed, everyone wants digital authentication, it is very difficult, so it is the best way to improve the SMTP service.
On the Internet, how does one implement the process of sending anonymous mails and forged mails? Very simple, I will introduce to you, such as forging a webmaster@domain.com to send an e-mail to the username@domainname.com, first of all because to send mail to the username@domainname.com, so first find the SMTP server to this mail address, use the nslookup tool in the command line to quickly find out, as shown below:
C: \> nslookup
Default Server: ns.hncsptt.net.cn
Address: 202.103.96.68 // start running nslookup, and the default DNS server is the IP Address.
> Set type = mx // set the display type to an MX record.
> Domainname.com // query the MX record of domainame.com.
Domainname.com MX preference = 10, mail exchanger = mail.domainname.com
Mail.domainname.com internet address = xxx. xxx
> Exit
The above command quickly finds out that the address of the STMP server in the domainname.com domain is xxx.
Okay, let's continue,
C: \> telnet xxx. xxx 25
:
220 mail.domainname.com
Here, it may also be something else, because the default domain may not be the domianname.com domain, and others, but no matter what, you only need to see the number 220.
Run the following command:
HELO domain.com
Return Value:
250 mail.domainname.com Hello [x. x]
Here, the handshake with the mail server is successful, and x. x. x is your IP address.
Well, the most important thing we pretend to be is:
Mail from: webmaster@domain.com
250 OK
Here we tell the server that we will use the webmaster@domain.com email to send this email, unfortunately no SMTP server will verify the authenticity of this email, therefore, it is recognized by the server. Therefore, the server returns the 250 OK message to accept the message and waits for the following command.
Rcpt to: username@domainname.com
250 OK
Tell the server that the mail is sent to the username@domainname.com, but the server only checks here that the domainname.com domain is in its own forwarding list, because we are directly querying the SMTP server for the dommainname.com domain, so of course it will definitely be in the list, so the server returns OK without more verification.
DATA
354 Start mail input; end .
Enter DATA here to tell the server to start entering the email content. The email server will return the 354 message and the email mentioned above will end.
Enter the mail content, but generally the mail will have a mail header. For more authentic forged mail, we can enter the following:
From: webmaster@domain.com // Let client tools such as Outlook, foxmail show the sender as a webmaster@domain.com
To: username@domainname.com // also let the client Tool Show recipients as username@domainname.com
Subject: send anonymous mail // mail Subject
Test // The email content.
. // Enter "." at the end of the email.
250 send OK
The server returns 250, saying the mail is successfully sent, then you successfully impersonate the webmaster@domain.com to send an email to the username@domainname.com, but if the recipient looks at the mail header, you can see your IP address, it is a pity that more than 90% of Email users do not care about the IP address of the email sender, and more people do not have such professional knowledge, so they can only identify the authenticity of the email content, but how many people quickly think that the email he is reading is a fake one? Likewise, since the mail can be forged, anonymous mails can naturally be sent, because both are the same method. The principle used by tools used on the Internet to send anonymous mails and AD mails is basically the same.
Everyone knows this. As long as you know who's email address, and then find out the SMTP server based on the email address domain, you can quickly send an anonymous email to him, or forged emails, because all SMTP servers will not verify whether the sender is real or false, and the server will not verify all emails sent to its own users, this is the imperfection of the SMTP service, which leads to such a very serious "Vulnerability". This vulnerability makes the spam and advertisement emails on the Internet increasingly rampant, it can be said that it is the root cause of anonymous (spam) emails.
Disclaimer: it is illegal to use the technology introduced in this article to send Malicious spam and forged mails. The content of emails in this article is for the reference of the network administrator only. Do not use it for other purposes, otherwise, you are at your own risk !!